diff --git a/CVE-2017-17858.patch b/CVE-2017-17858.patch deleted file mode 100644 index f208b42..0000000 --- a/CVE-2017-17858.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Mon, 11 Dec 2017 14:09:15 +0100 -Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below - limit. - -This ensures that: - * xref tables with objects pointers do not grow out of bounds. - * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf. ---- - include/mupdf/pdf/object.h | 3 +++ - source/pdf/pdf-repair.c | 5 +---- - source/pdf/pdf-xref.c | 21 ++++++++++++--------- - 3 files changed, 16 insertions(+), 13 deletions(-) - -Index: mupdf-1.12.0-source/include/mupdf/pdf/object.h -=================================================================== ---- mupdf-1.12.0-source.orig/include/mupdf/pdf/object.h -+++ mupdf-1.12.0-source/include/mupdf/pdf/object.h -@@ -3,6 +3,9 @@ - - typedef struct pdf_document_s pdf_document; - -+/* Defined in PDF 1.7 according to Acrobat limit. */ -+#define PDF_MAX_OBJECT_NUMBER 8388607 -+ - /* - * Dynamic objects. - * The same type of objects as found in PDF and PostScript. -Index: mupdf-1.12.0-source/source/pdf/pdf-repair.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-repair.c -+++ mupdf-1.12.0-source/source/pdf/pdf-repair.c -@@ -6,9 +6,6 @@ - - /* Scan file for objects and reconstruct xref table */ - --/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */ --#define MAX_OBJECT_NUMBER (10 << 20) -- - struct entry - { - int num; -@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_doc - break; - } - -- if (num <= 0 || num > MAX_OBJECT_NUMBER) -+ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER) - { - fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen); - goto have_next_token; -Index: mupdf-1.12.0-source/source/pdf/pdf-xref.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-xref.c -+++ mupdf-1.12.0-source/source/pdf/pdf-xref.c -@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_d - fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR); - } - -- if (ofs < 0) -- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs); -- if (ofs > INT64_MAX - len) -- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big"); -- -+ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER -+ || len < 0 || len > PDF_MAX_OBJECT_NUMBER -+ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER) -+ { -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); -+ } - /* broken pdfs where size in trailer undershoots entries in xref sections */ - if (ofs + len > xref_len) - { -@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ct - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) -- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); -- //if (i0 + i1 > pdf_xref_len(ctx, doc)) -- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); -+ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); - - table = pdf_xref_find_subsection(ctx, doc, i0, i1); - for (i = i0; i < i0 + i1; i++) -@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_d - /* TODO: reuse free object slots by properly linking free object chains in the ofs field */ - pdf_xref_entry *entry; - int num = pdf_xref_len(ctx, doc); -+ -+ if (num > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf"); -+ - entry = pdf_get_incremental_xref_entry(ctx, doc, num); - entry->type = 'f'; - entry->ofs = -1; diff --git a/CVE-2018-1000051.patch b/CVE-2018-1000051.patch deleted file mode 100644 index 54bd278..0000000 --- a/CVE-2018-1000051.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Tue, 19 Dec 2017 23:47:47 +0100 -Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces. - -Previously the borrowed colorspace was dropped when updating annotation -appearances, leading to use after free warnings from valgrind/ASAN. ---- - source/pdf/pdf-appearance.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c -index 70f684f..d7a1ddd 100644 ---- a/source/pdf/pdf-appearance.c -+++ b/source/pdf/pdf-appearance.c -@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_matrix page_ctm; - - pdf_page_transform(ctx, annot->page, NULL, &page_ctm); -@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_try(ctx) - { - char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents)); - char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA)); -+ fz_colorspace *cs; - fz_point pos; - fz_rect rect; - -@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_drop_display_list(ctx, dlist); - font_info_fin(ctx, &font_rec); - fz_drop_text(ctx, text); -- fz_drop_colorspace(ctx, cs); - } - fz_catch(ctx) - { -@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_path *path = NULL; - fz_buffer *fzbuf = NULL; - fz_matrix page_ctm; -@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_var(fzbuf); - fz_try(ctx) - { -@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_rect logo_bounds; - fz_matrix logo_tm; - fz_rect rect; -+ fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */ - - pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect); - rect = annot_rect; -@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds); - center_rect_within_rect(&logo_bounds, &rect, &logo_tm); - fz_concat(&logo_tm, &logo_tm, &page_ctm); -- cs = fz_device_rgb(ctx); /* Borrowed reference */ - fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL); - - get_font_info(ctx, doc, dr, da, &font_rec); --- -2.9.1 - diff --git a/CVE-2018-5686.patch b/CVE-2018-5686.patch deleted file mode 100644 index e94b59a..0000000 --- a/CVE-2018-5686.patch +++ /dev/null @@ -1,42 +0,0 @@ -X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=include%2Fmupdf%2Ffitz%2Fstream.h;h=790a0a83d3850facdceefb3c3e598fdb63d4e14d;hp=cd26be9039c064c8028fd6ca958044d133644e29;hb=b70eb93f6936c03d8af52040bbca4d4a7db39079;hpb=0d7359fbcd331ec0a22ec163dacff953f9817814 - -Index: mupdf-1.12.0-source/include/mupdf/fitz/stream.h -=================================================================== ---- mupdf-1.12.0-source.orig/include/mupdf/fitz/stream.h -+++ mupdf-1.12.0-source/include/mupdf/fitz/stream.h -@@ -335,10 +335,11 @@ static inline size_t fz_available(fz_con - - if (len) - return len; -+ if (stm->eof) -+ return 0; -+ - fz_try(ctx) -- { - c = stm->next(ctx, stm, max); -- } - fz_catch(ctx) - { - fz_rethrow_if(ctx, FZ_ERROR_TRYLATER); -@@ -369,10 +370,10 @@ static inline int fz_read_byte(fz_contex - - if (stm->rp != stm->wp) - return *stm->rp++; -+ if (stm->eof) -+ return EOF; - fz_try(ctx) -- { - c = stm->next(ctx, stm, 1); -- } - fz_catch(ctx) - { - fz_rethrow_if(ctx, FZ_ERROR_TRYLATER); -@@ -398,6 +399,8 @@ static inline int fz_peek_byte(fz_contex - - if (stm->rp != stm->wp) - return *stm->rp; -+ if (stm->eof) -+ return EOF; - - c = stm->next(ctx, stm, 1); - if (c != EOF) diff --git a/CVE-2018-6187.patch b/CVE-2018-6187.patch deleted file mode 100644 index b0db024..0000000 --- a/CVE-2018-6187.patch +++ /dev/null @@ -1,63 +0,0 @@ -X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=source%2Fpdf%2Fpdf-write.c;h=bc67f003025516c04991758ea648f79d00926742;hp=a7326a173a09df3fd4e3adbf3e1842081b6dfea4;hb=3e30fbb7bf5efd88df431e366492356e7eb969ec;hpb=b03def134988da8c800adac1a38a41a1f09a1d89 - -Index: mupdf-1.12.0-source/source/pdf/pdf-write.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-write.c -+++ mupdf-1.12.0-source/source/pdf/pdf-write.c -@@ -633,7 +633,8 @@ expand_lists(fz_context *ctx, pdf_write_ - { - int i; - -- num++; -+ /* objects are numbered 0..num and maybe two additional objects for linearization */ -+ num += 3; - opts->use_list = fz_resize_array(ctx, opts->use_list, num, sizeof(*opts->use_list)); - opts->ofs_list = fz_resize_array(ctx, opts->ofs_list, num, sizeof(*opts->ofs_list)); - opts->gen_list = fz_resize_array(ctx, opts->gen_list, num, sizeof(*opts->gen_list)); -@@ -1522,9 +1523,9 @@ static void preloadobjstms(fz_context *c - { - pdf_obj *obj; - int num; -- int xref_len = pdf_xref_len(ctx, doc); - -- for (num = 0; num < xref_len; num++) -+ /* xref_len may change due to repair, so check it every iteration */ -+ for (num = 0; num < pdf_xref_len(ctx, doc); num++) - { - if (pdf_get_xref_entry(ctx, doc, num)->type == 'o') - { -@@ -2755,7 +2756,7 @@ static void initialise_write_state(fz_co - opts->continue_on_error = in_opts->continue_on_error; - opts->errors = in_opts->errors; - -- expand_lists(ctx, opts, xref_len + 3); -+ expand_lists(ctx, opts, xref_len); - } - - /* Free the resources held by the dynamic write options */ -@@ -2889,6 +2890,9 @@ do_pdf_save_document(fz_context *ctx, pd - { - pdf_ensure_solid_xref(ctx, doc, xref_len); - preloadobjstms(ctx, doc); -+ -+ xref_len = pdf_xref_len(ctx, doc); /* May have changed due to repair */ -+ expand_lists(ctx, opts, xref_len); - } - - /* Sweep & mark objects from the trailer */ -@@ -2897,6 +2901,7 @@ do_pdf_save_document(fz_context *ctx, pd - else - { - xref_len = pdf_xref_len(ctx, doc); /* May have changed due to repair */ -+ expand_lists(ctx, opts, xref_len); - for (num = 0; num < xref_len; num++) - opts->use_list[num] = 1; - } -@@ -2917,6 +2922,7 @@ do_pdf_save_document(fz_context *ctx, pd - if ((opts->do_garbage >= 2 || opts->do_linear) && !opts->do_incremental) - { - xref_len = pdf_xref_len(ctx, doc); /* May have changed due to repair */ -+ expand_lists(ctx, opts, xref_len); - while (xref_len > 0 && !opts->use_list[xref_len-1]) - xref_len--; - } diff --git a/CVE-2018-6192.patch b/CVE-2018-6192.patch deleted file mode 100644 index f302c34..0000000 --- a/CVE-2018-6192.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5e411a99604ff6be5db9e273ee84737204113299 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Tue, 30 Jan 2018 02:05:57 +0100 -Subject: [PATCH] Bug 698916: Indirect object numbers must be in range. - ---- - source/pdf/pdf-parse.c | 2 ++ - source/pdf/pdf-xref.c | 4 ++-- - 2 files changed, 4 insertions(+), 2 deletions(-) - -Index: mupdf-1.12.0-source/source/pdf/pdf-parse.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-parse.c -+++ mupdf-1.12.0-source/source/pdf/pdf-parse.c -@@ -616,6 +616,8 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_d - fz_throw(ctx, FZ_ERROR_SYNTAX, "expected object number"); - } - num = buf->i; -+ if (num < 0 || num > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_SYNTAX, "object number out of range"); - - tok = pdf_lex(ctx, file, buf); - if (tok != PDF_TOK_INT) -Index: mupdf-1.12.0-source/source/pdf/pdf-xref.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-xref.c -+++ mupdf-1.12.0-source/source/pdf/pdf-xref.c -@@ -234,8 +234,8 @@ pdf_xref_entry *pdf_get_populating_xref_ - } - - /* Prevent accidental heap underflow */ -- if (num < 0) -- fz_throw(ctx, FZ_ERROR_GENERIC, "object number must not be negative (%d)", num); -+ if (num < 0 || num > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "object number out of range (%d)", num); - - /* Return the pointer to the entry in the last section. */ - xref = &doc->xref_sections[doc->num_xref_sections-1]; diff --git a/CVE-2018-6544.patch b/CVE-2018-6544.patch deleted file mode 100644 index ff81e36..0000000 --- a/CVE-2018-6544.patch +++ /dev/null @@ -1,53 +0,0 @@ -Index: mupdf-1.12.0-source/source/pdf/pdf-stream.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-stream.c -+++ mupdf-1.12.0-source/source/pdf/pdf-stream.c -@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_ - *orig_gen = 0; - } - -- fz_var(chain); -+ chain = fz_keep_stream(ctx, chain); - - fz_try(ctx) - { - len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length)); - -- /* don't close chain when we close this filter */ -- chain2 = fz_keep_stream(ctx, chain); -+ chain2 = chain; - chain = NULL; - chain = fz_open_null(ctx, chain2, len, offset); - -Index: mupdf-1.12.0-source/source/pdf/pdf-xref.c -=================================================================== ---- mupdf-1.12.0-source.orig/source/pdf/pdf-xref.c -+++ mupdf-1.12.0-source/source/pdf/pdf-xref.c -@@ -1595,6 +1595,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_do - { - objstm = pdf_load_object(ctx, doc, num); - -+ if (pdf_obj_marked(ctx, objstm)) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup"); -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, objstm); -+ fz_rethrow(ctx); -+ } -+ -+ fz_try(ctx) -+ { -+ pdf_mark_obj(ctx, objstm); -+ - count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N)); - first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First)); - -@@ -1674,6 +1687,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_do - fz_drop_stream(ctx, stm); - fz_free(ctx, ofsbuf); - fz_free(ctx, numbuf); -+ pdf_unmark_obj(ctx, objstm); - pdf_drop_obj(ctx, objstm); - } - fz_catch(ctx) diff --git a/fix-openjpeg-flags.patch b/fix-openjpeg-flags.patch deleted file mode 100644 index a789389..0000000 --- a/fix-openjpeg-flags.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: b/source/fitz/load-jpx.c -=================================================================== ---- a/source/fitz/load-jpx.c -+++ b/source/fitz/load-jpx.c -@@ -445,7 +445,6 @@ - - #else /* HAVE_LURATECH */ - --#define OPJ_STATIC - #define OPJ_HAVE_INTTYPES_H - #if !defined(_MSC_VER) || _MSC_VER >= 1600 - #define OPJ_HAVE_STDINT_H diff --git a/mupdf-1.12.0.tar.xz b/mupdf-1.12.0.tar.xz deleted file mode 100644 index dff65b3..0000000 --- a/mupdf-1.12.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:577b3820c6b23d319be91e0e06080263598aa0662d9a7c50af500eb6f003322d -size 37299040 diff --git a/mupdf-1.13.0.tar.xz b/mupdf-1.13.0.tar.xz new file mode 100644 index 0000000..cfb8dc4 --- /dev/null +++ b/mupdf-1.13.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:746698e0d5cd113bdcb8f65d096772029edea8cf20704f0d15c96cb5449a4904 +size 37243936 diff --git a/mupdf.changes b/mupdf.changes index 39b7d7b..8765450 100644 --- a/mupdf.changes +++ b/mupdf.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Apr 23 07:36:23 UTC 2018 - kbabioch@suse.com + +- Update to version 1.13: + - primarily a bugfix release. + - New "mutool sign" tool for showing and verifying digital signatures. + - Chinese, Japanese, Korean, Cyrillic, and Greek font support in mutool create. + - Improvements to annotation editing API. +- Dropped patches, which are included upstream now: + - CVE-2018-6192.patch + - CVE-2018-5686.patch + - CVE-2018-6187.patch + - CVE-2018-1000051.patch + - CVE-2017-17858.patch + - CVE-2018-6544.patch + - fix-openjpeg-flags.patch + ------------------------------------------------------------------- Wed Feb 14 18:46:28 UTC 2018 - crrodriguez@opensuse.org diff --git a/mupdf.spec b/mupdf.spec index 307eba8..d5123b9 100644 --- a/mupdf.spec +++ b/mupdf.spec @@ -18,7 +18,7 @@ Name: mupdf -Version: 1.12.0 +Version: 1.13.0 Release: 0 Summary: Lightweight PDF and XPS Viewer and Parser and Rendering Library License: AGPL-3.0+ @@ -27,14 +27,7 @@ Url: https://mupdf.com/ Source0: https://mupdf.com/downloads/mupdf-%{version}-source.tar.xz#/%{name}-%{version}.tar.xz Source1: mupdf.desktop Source2: mupdf.png -Patch1: fix-openjpeg-flags.patch -Patch2: CVE-2018-5686.patch -Patch3: CVE-2017-17858.patch -Patch4: CVE-2018-6187.patch -Patch5: CVE-2018-6192.patch -Patch6: CVE-2018-6544.patch -Patch7: CVE-2018-1000051.patch -Patch8: mupdf-no-strip.patch +Patch0: mupdf-no-strip.patch BuildRequires: freetype2-devel BuildRequires: gcc-c++ BuildRequires: jbig2dec-devel @@ -71,14 +64,7 @@ based on mupdf. %prep %setup -q -n %{name}-%{version}-source -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%patch0 -p1 # do not use the inlined copies of build dpendencies except for mujs rm -rf $(ls -d thirdparty/*/ | grep -v mujs)